Update HTTP parse_options_headers method to avoid using regex for options matching #2907

Open
wants to merge 3 commits into
base: 3.0.x

@aneshujevic aneshujevic commented May 18, 2024

When parsing certain Content-Type headers, the HTTP parser would take too much time because of exhaustive regex matching.

Instead of using regex matching for parsing options, we're using an FSM (similar to the one used in Django; actually, the main idea of it was taken from there), so the performance is much better and the exhaustive regex matching is avoided. This way we won't have performance issues when someone tries something like ReDoS on options headers.

fixes #2904

Please take a look at the PR so we can fix the issue, thanks!

Also wanted to thank you for one of the best and most comprehensive test suites I've seen.
It eased the development a lot, so thank you once more!
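
A sketch of the single-pass, state-machine style of option parsing described in this PR, added here as an illustration: it is not the code from this PR, from Werkzeug, or from Django. The function name `parse_options_fsm` and the sample header are assumptions made for the example. Each character is visited once, so there is no regex backtracking and the cost stays linear in the header length.

```python
def parse_options_fsm(value: str) -> tuple[str, dict[str, str]]:
    """Parse 'main; key=value; key="quoted value"' in one left-to-right pass.

    Hypothetical helper for illustration; not Werkzeug's implementation.
    """
    main, _, rest = value.partition(";")
    options: dict[str, str] = {}
    i, n = 0, len(rest)
    while i < n:
        # State: skip separators and whitespace before a key.
        while i < n and rest[i] in " \t;":
            i += 1
        # State: read the key up to '=' (has a value) or ';' (bare token).
        start = i
        while i < n and rest[i] not in "=;":
            i += 1
        key = rest[start:i].strip().lower()
        if i >= n or rest[i] == ";":
            continue  # bare token without '=': ignore it
        i += 1  # consume '='
        while i < n and rest[i] in " \t":
            i += 1
        if i < n and rest[i] == '"':
            # State: quoted value; a backslash escapes the next character.
            i += 1
            buf = []
            while i < n and rest[i] != '"':
                if rest[i] == "\\" and i + 1 < n:
                    i += 1
                buf.append(rest[i])
                i += 1
            i += 1  # consume closing quote (or step past the end if unterminated)
            val = "".join(buf)
        else:
            # State: unquoted value runs to the next ';'.
            start = i
            while i < n and rest[i] != ";":
                i += 1
            val = rest[start:i].strip()
        if key:
            options.setdefault(key, val)  # first occurrence of a key wins
    return main.strip().lower(), options


if __name__ == "__main__":
    # Constructed sample header, not taken from the PR or the linked issue.
    print(parse_options_fsm('multipart/form-data; charset=UTF-8; boundary="a;b\\"c"'))
```

Every inner loop advances the index or ends the outer loop, so malformed input such as an unterminated quote or a long run of separators still finishes in one pass.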

@davidism
Member

Thank you, I may not have time until after PyCon to review this, but I will get to it.
